unique-salt-constants
Ensure each salt constant is unique.
A secret key makes your site harder to hack by adding random elements to the password.
In simple terms, a secret key is a password with elements that make it harder to generate enough options to break through your security barriers. A password like "password" or "test" is simple and easily broken. A random, long password which uses no dictionary words, such as "88a7da62429ba6ad3cb3c76a09641fc" would take a brute force attacker millions of hours to crack. A 'salt is used to further enhance the security of the generated result.
Install
This checkers comes with the preflight-command package. No extra setup steps needed.
Config
WARNING
Changing this checker's config doesn't make sense. Use with caution!
# excludes some of the salt constants
[unique-salt-constants]
enabled = true
excludes = [
'AUTH_KEY',
'SECURE_AUTH_KEY',
]
# disable it
[unique-salt-constants]
enabled = false
Default config located on /config/default.toml
.
Solution
Define unique salt constants.
- copy from WordPress salt generator to
wp-config.php
$ wp config shuffle-salts